TYPO3 CMS  TYPO3_6-2
HashService.php
Go to the documentation of this file.
1 <?php
3 
24 
32  public function generateHmac($string) {
33  if (!is_string($string)) {
34  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be generated for a string, but "' . gettype($string) . '" was given.', 1255069587);
35  }
36  $encryptionKey = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
37  if (!$encryptionKey) {
38  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('Encryption Key was empty!', 1255069597);
39  }
40  return hash_hmac('sha1', $string, $encryptionKey);
41  }
42 
51  public function appendHmac($string) {
52  $hmac = $this->generateHmac($string);
53  return $string . $hmac;
54  }
55 
63  public function validateHmac($string, $hmac) {
64  return $this->generateHmac($string) === $hmac;
65  }
66 
80  public function validateAndStripHmac($string) {
81  if (!is_string($string)) {
82  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be validated for a string, but "' . gettype($string) . '" was given.', 1320829762);
83  }
84  if (strlen($string) < 40) {
85  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1320830276);
86  }
87  $stringWithoutHmac = substr($string, 0, -40);
88  if ($this->validateHmac($stringWithoutHmac, substr($string, -40)) !== TRUE) {
89  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidHashException('The given string was not appended with a valid HMAC.', 1320830018);
90  }
91  return $stringWithoutHmac;
92  }
93 }
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]